Active Directory Migration Checklist

During an AD DS greenfield installation and migration, system engineers need checklists to keep track of what they should be doing to stand up a new domain. This is a working checklist, posted here for peer review and peer additions. It tries to take into account all the high-level items one needs to look for and do during an AD DS migration. It is not meant to be a step-by-step guide but a high-level overview to keep track of what needs to be discovered.

For the previous Active Directory checklists, check out the links below.

For a checklist on Active Directory Deployments check out:
https://social.technet.microsoft.com/wiki/contents/articles/40225.active-directory-domain-deployment-checklist.aspx

For a checklist on Active Directory Domain Discovery check out:
https://social.technet.microsoft.com/wiki/contents/articles/38512.active-directory-domain-discovery-checklist.aspx

  • Design new target domain
  • Start discovery (Source domain)
  • Determine the type of migration (restructure then migrate, migrate then restructure)
  • Set up and build Target domain
    • Create the network connections between the Source and Target domains
    • Create DNS forwarders from Source to Target and Target to Source domains
    • Forklift DNS zone if needed (needed if the Source domain already contains a zone with the same name as the Target domain)
    • Mirror sites from the Source domain to the target domain
    • Apply schema updates
    • Apply appropriate ACLs
    • Create Target domain OU structure
  • Create trusts between Domains
  • Set up migration software in target domain (ADMT)
    • Install software
      • Target domain
    • Set Auditing
      • Source domain
      • Target domain
    • Disable SID filtering
      • Source domain
      • Target domain
    • Enable SIDHistory
      • Source domain
      • Target domain
    • Create migration user accounts
      • Source domain
      • Target domain
    • Create $$$ groups for NETBIOS names of domains
      • Source domain
      • Target domain
    • Set up and prepare password export service
      • Source domain (PDC)
  • Test migration after installation with a test user
    • Troubleshooting
  • IT training plan (ongoing)
    • Help Desk
    • Desktop team
    • Server team
    • Storage team
    • SharePoint team
    • Exchange team
    • DBA team
    • Application team(s)
    • Etc.
  • Clean up / Delete stale objects
    • Users
    • Computers
    • Groups
    • Contacts
    • Etc.
  • Prepare applications for migration
    • Pre-Migrate and synchronize service accounts from Source domain to Target domain
    • Configure applications to point to Source domain and Target domain for authentication
      • Alternate: Build virtual directory
        • Create proxy user accounts
        • Point all applications to virtual directory for authentication
    • Test authentication
    • Loop until finished
      • Troubleshooting
  • Migrate or build new GPOs
    • Loop until finished
      • Troubleshooting
  • Prepare scripts for migration of objects
    • Test group migration and synchronization
      • Loop until finished
        • Troubleshooting
    • Test user migration and synchronization
      • Loop until finished
        • Troubleshooting
    • Test computer migration
      • Loop until finished
        • Troubleshooting
  • Pre-Migrate Groups with SID History from Source domain to Target domain
  • Pre-Migrate Users with SID History from Source domain to Target domain
  • Migrate contacts from Source domain to Target domain
  • Make configuration changes to Exchange if needed
  • Create end user communication plan
    • Send EU communication email once a week for 4 weeks prior to migration
  • Prepare Computers for Migration
  • Re-Migrate all Groups
  • Re-Migrate all Users
  • User Acceptance Testing (UAT)
    • Migrate each desktop image for testing (if the business has 5 different images for desktop deployments, migrate each one)
    • Run through the "Start Live Migration" steps for the above images
    • Have real users test the migrated desktops in a live production environment
    • List all issues
    • Troubleshooting
    • Loop until comfortable, then proceed
  • START LIVE MIGRATION
    • Determine and outline back out plans for critical applications
    • Define collection of computers and users to be migrated (may or may not include servers)
      • GROUP ONE
        • Re-Migrate Groups (Collection 1)
        • Re-Migrate Users (Collection 1)
          • Users enabled in Target domain, disabled in Source domain
          • Migrate passwords (if desired)
          • Uncheck require to change password (if desired)
          • Disable firewalls
          • Migrate Computers (Collection 1)
            • Troubleshooting
      • GROUP TWO
        • Re-Migrate Groups (Collection 2)
        • Re-Migrate Users (Collection 2)
          • Users enabled in Target domain, disabled in Source domain
          • Migrate passwords (if desired)
          • Uncheck require to change password (if desired)
          • Disable firewalls
          • Migrate Computers (Collection 2)
            • Troubleshooting
      • GROUP ETC.
      • Continuously define and re-migrate users and groups
      • Move forward with migrating next round of computers and users
      • Loop until finished
        • Troubleshooting
  • File Server migration
    • Pray SIDHistory works
    • Backup current permissions
    • Lay down new permissions based on old permissions with scripts
  • Finalize migration
  • Set all users in the Source domain to have a new password that is unknown to the user
    • Ensure all users in the Source domain have been disabled
    • Troubleshooting
    • Wait one business week
    • Shut down the Source domain's Domain Controllers
      • Troubleshooting
  • End engagement
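
One way to script the "File Server migration" items above (back up current permissions, then lay down new permissions based on the old ones), as an added example that is not part of the original checklist. The paths `D:\Shares` and `C:\MigrationBackup` and the `$Apply` switch are assumptions; the script covers explicit ACEs on folders only and expects the ActiveDirectory module to query the Target domain.

```powershell
# Added example. Run elevated on the file server.
Import-Module ActiveDirectory

$ShareRoot = 'D:\Shares'            # hypothetical share root
$BackupDir = 'C:\MigrationBackup'   # hypothetical backup folder
$Apply     = $false                 # $false = report only, $true = write new ACEs

# 1. Back up current permissions (restore with: icacls D:\ /restore <file>).
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
icacls $ShareRoot /save (Join-Path $BackupDir 'shares.acl') /t /c | Out-Null

# 2. Find explicit ACEs that only work because a migrated account carries the
#    old SID in sIDHistory. ACEs are read as raw SIDs, not resolved names.
$sidType = [System.Security.Principal.SecurityIdentifier]
$lookup  = @{}
$folders = @(Get-Item -LiteralPath $ShareRoot) +
           @(Get-ChildItem -LiteralPath $ShareRoot -Recurse -Directory)
$report = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($sid -notlike 'S-1-5-21-*') { continue }   # skip well-known SIDs
        if (-not $lookup.ContainsKey($sid)) {
            $lookup[$sid] = Get-ADObject -Filter "sIDHistory -eq '$sid'" `
                -Properties objectSid, sAMAccountName
        }
        $target = $lookup[$sid]
        if ($target) {
            [pscustomobject]@{
                Path = $folder.FullName; SourceSid = $sid; Rule = $ace
                TargetAccount = $target.sAMAccountName; TargetSid = $target.objectSid
            }
        }
    }
}
$report | Select-Object Path, SourceSid, TargetAccount |
    Export-Csv (Join-Path $BackupDir 'sidhistory-aces.csv') -NoTypeInformation

# 3. Lay down new permissions: mirror each old ACE onto the Target-domain SID.
if ($Apply) {
    foreach ($row in $report) {
        $acl  = Get-Acl -LiteralPath $row.Path
        $old  = $row.Rule
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $row.TargetSid, $old.FileSystemRights, $old.InheritanceFlags,
            $old.PropagationFlags, $old.AccessControlType)
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $row.Path -AclObject $acl
    }
}
```

The CSV lists every folder whose access still depends on SID history, so it can be reviewed before `$Apply` is set to `$true` and before the Source domain is shut down.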
